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Amendments to the Si>ecification; 
Paragraph [0037]: 

[0037] What has been described thus far is just the normal operation of the XDMC? and X 
protocols. One focus of this invention is the operation of the browser isolator module [[120]] 
130, which scrutinizes the network communications between the protected computer 110 and 
the browser module 140. The selected protocols of the X-Windows system have the attribute 
that that they do not transfer data between computers other than that necessary for the user 
interface. The user interface data is temporary in that it is transferred across the network and 
used to generate the interface shown to the user, but is not stored permanently* This is unlike 
the Ihtemet File Transfer Protocol (FTP), which copies the contents of files fiom one 
computer to another and permanently stores the copies on the receiving coiriputer. By 
restricting communication widi the protected computer 110 to these two X-Windows 
protocols, the browser isolator module [[120]] 130 prevents the transfer of permanent data 
between one or more of the protected computers 110 and the browser module 140, and fiom 
tibere the exiemel network 150. 

Paragraph [0038]: 

[0038] If the browser isolator module [[120]] 130 only restricted communications with the 
browser module 140 to certain protocols, the browser isolator module [[120]] 130 would be 
nothing more than a sunple firewall. However, the browser isolator module [[120]] IM not 
only restricts communication to the XDMCP and X protocols, it can examine each protocol 
packet in detail, inspecting one or more predetermined fields in die packets to ensure that 
each field contains valid, e.g., authorized, information. Beyond verifying tiiat each field 
contains valid information, fields with related irrfbrmation can be compared within and 
between packets in the protocol session to ensure that there is a consistent relationship during 
the life of the session. Individual field contents can also be verified in a vari^y of ways 
depending on the type of the field 

Paragraph [0043]: 

[0043] The exemplary purpose of these detailed packet field checks by the browser isolator 
module [[120]] 130 is two-fold. By ensuring that the fields contain only valid, consistent 
information, the browser isolator module [[120]] 130 reduces the chances that a defect in the 
protocol implementation on either the browser module 140 or a protected computer 110 can 
be exploited by unauthorized software. The checks for data consistency also reduce the 
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possibility that packet fields can be used to surreptitiously transfer data by varying their 
contents over time. 

Paragraph 0046: 

[0046] AJtcmatively, or in conjunction with the above, the systems and methods of this 
invention can provide Internet access from a protected network 200 by a tunnelled 
communications path^ As illxistrated in FIG. 2^ the protected network 200 comprises one or 
more protected computers 210, two of which are shown for purposes of illustration. Each 
protected con4>uter 210 comprises a special virtual machine (SVM) 220 having a browser 
230. The browser 230 for each protected computer [[120]] 210 communicates with the 
external network ISO, sudi as the Internet by means of a border module 240. 
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